Lucene search

[email protected]NVD:CVE-2022-1437

HistoryApr 22, 2022 - 3:15 p.m.

CVE-2022-1437

2022-04-2215:15:07

CWE-787

CWE-122

[email protected]

web.nvd.nist.gov

buffer overflow

github

radareorg/radare2

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

31.5%

JSON

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

Affected configurations

Nvd

Node

radareradare2Range<5.7.0

VendorProductVersionCPE
radareradare2*cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
radare	radare2	*	cpe:2.3:a:radare:radare2::::::::

References

github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136

huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS

0.001

Percentile

31.5%

JSON

Related for NVD:CVE-2022-1437

prion1 huntr1 ubuntucve1 debiancve1 osv1 cvelist1 veracode1 alpinelinux1 cve1